Hi all,
Our infra already runs fine with the HTTP-based distribution point feature, but we would like to enhance it with SSL and certificate-based authentication.
The JAMF web interface is waiting for a certificate that I can upload with the "Upload certificate" button, to allow the jamf agent to access the web server. As I understand it, this is client-based auth, so I must generate a "client certificate" with openssl and upload it to the JAMF web interface; it will later be passed to SelfService so it can authenticate to my HTTPS Distribution Point.
As it is a client cert, a private key part must be inside this file.
When uploading the cert, it seems the JAMF web interface only checks the filename extension, and allows any file as long as the extension is *.cer... (bad...).
Unfortunately, I did a couple of tests with the file I uploaded (PKCS12 format file with empty password, or only the private key part Base-64 encoded, and so on...), but was not able to make it work. In Wireshark, I see my webserver shows its server cert, but the jamf agent never sends the client cert it got from the JAMF backend.
I see jamf/SelfService trying to do something with openssl: "openssl pkcs12 -export -out client.p12 -inkey client.cer -in client.cer -password pass:51D390F9-14ED-4553-9AB6-D0D0259DB508".
It seems it tries to extract the private key part from the file I uploaded...
Not sure if anyone has tried this setup and had success... but I would appreciate knowing what is really expected in the file I need to upload, as there is nothing in the documentation about it.
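Added example, not part of the original post and not Jamf code: it checks what openssl itself accepts for the invocation quoted above, where -inkey and -in name the same file and openssl reads both as PEM by default, so the export only succeeds if that one file holds a PEM private key and a PEM certificate. The subject name, file names and password are constructed, and whether Jamf Pro handles such an upload correctly is an assumption the page does not confirm.

```shell
#!/bin/sh
# Added example: which file contents satisfy the quoted
# "openssl pkcs12 -export -inkey client.cer -in client.cer" call.
# Subject, file names and password are constructed for this test.

P12_PASS="constructed-password"   # placeholder, not the value from the post

# Create a throwaway key and self-signed certificate in directory $1.
make_test_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes \
        -keyout "$1/key.pem" -out "$1/cert.pem" \
        -subj "/CN=constructed-dp-client" -days 1 >/dev/null 2>&1
}

# Run the same export the post quotes against file $1, writing $2.
# Returns openssl's exit status.
export_like_agent() {
    openssl pkcs12 -export -out "$2" -inkey "$1" -in "$1" \
        -password "pass:$P12_PASS" >/dev/null 2>&1
}

# Print the subject of the certificate stored in PKCS#12 file $1.
p12_subject() {
    openssl pkcs12 -in "$1" -passin "pass:$P12_PASS" -nokeys 2>/dev/null |
        openssl x509 -noout -subject
}

WORK=$(mktemp -d)
make_test_identity "$WORK"
# Candidate 1: private key and certificate concatenated, both PEM.
cat "$WORK/key.pem" "$WORK/cert.pem" > "$WORK/combined.cer"
# Candidate 2: certificate only, as a .cer file usually is.
cp "$WORK/cert.pem" "$WORK/certonly.cer"

for f in combined certonly; do
    if export_like_agent "$WORK/$f.cer" "$WORK/$f.p12"; then
        echo "$f.cer: export ok, $(p12_subject "$WORK/$f.p12")"
    else
        echo "$f.cer: export failed (no private key readable from file)"
    fi
done
```

The combined file carries an unencrypted private key, so treat it like any other key material when storing or transferring it.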
